CVE-2018-12364

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery CSRF attacks. This vulnerability affects Thunderbird 60,...

CVE-2018-12364

The CVE-2018-12364 entry affects Thunderbird and was mitigated in various distributions through Thunderbird 52.9.1 and related security advisories. The connected documents confirm concrete details: NPAPI plugins (e.g., Flash) can bypass CORS by issuing a same-origin POST that redirects (307) to t...

Amazon Linux 2 : thunderbird (ALAS-2018-1061)

Use-after-free when appending DOM nodes CVE-2018-12363 Use-after-free using focus CVE-2018-12360 Compromised IPC child process can list local filenames CVE-2018-12365 Buffer overflow using computed size of canvas element CVE-2018-12359 Using form to exfiltrate encrypted mail part by pressing ente...

openSUSE Security Update : seamonkey (openSUSE-2018-867)

This update for seamonkey fixes the following issues : Mozilla SeaMonkey was updated to 2.49.4 : Now uses Gecko 52.9.1esr boo1098998. Security issues fixed with MFSA 2018-16 boo1098998 : - CVE-2018-12359: Buffer overflow using computed size of canvas element - CVE-2018-12360: Use-after-free when...

Mozilla Thunderbird Security Advisories (MFSA2018-19, MFSA2018-19) - Windows

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

Mozilla: CSRF attacks through 307 redirects and NPAPI plugins

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery CSRF attacks. This vulnerability affects Thunderbird 60,...

[ASA-201807-4] thunderbird: multiple issues

Arch Linux Security Advisory ASA-201807-4 ========================================= Severity: Critical Date : 2018-07-16 CVE-ID : CVE-2018-5188 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12372 CVE-2018-12373 CVE-2018-12374...

Mozilla: CSRF attacks through 307 redirects and NPAPI plugins

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery CSRF attacks. This vulnerability affects Thunderbird 60,...

Mozilla: CSRF attacks through 307 redirects and NPAPI plugins

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery CSRF attacks. This vulnerability affects Thunderbird 60,...

CVE-2018-12364

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery CSRF attacks. This vulnerability affects Thunderbird 60,...

FreeBSD : mozilla -- multiple vulnerabilities (cd81806c-26e7-4d4a-8425-02724a2f48af)

Mozilla Foundation reports : CVE-2018-12359: Buffer overflow using computed size of canvas element CVE-2018-12360: Use-after-free when using focus CVE-2018-12361: Integer overflow in SwizzleData CVE-2018-12358: Same-origin bypass using service worker and redirection CVE-2018-12362: Integer overfl...

Security vulnerabilities fixed in Firefox ESR 52.9 — Mozilla

A buffer overflow can occur when rendering canvas content while adjusting the height and width of the element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when deleti...

Security vulnerabilities fixed in Firefox 61 — Mozilla

A buffer overflow can occur when rendering canvas content while adjusting the height and width of the element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when deleti...

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2018-12359: Buffer overflow using computed size of canvas element CVE-2018-12360: Use-after-free when using focus CVE-2018-12361: Integer overflow in SwizzleData CVE-2018-12358: Same-origin bypass using service worker and redirection CVE-2018-12362: Integer overflo...

KLA11271 Multiple vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR

Multiple serious vulnerabilities have been found in Mozilla Firefox and Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, cause denial of service and obtain sensitive information. Below is a complete list of...

CVE-2016-9072

When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulnerability affects Firefox 50...

CVE-2016-9072

CVE-2016-9072 - Firefox 64-bit NPAPI sandbox not enabled by default Affecting: Mozilla Firefox on 64-bit Windows (Firefox versions older than 50). Root cause: when a new profile is created on 64-bit Windows, the sandbox for 64-bit NPAPI plugins is not enabled by default, leaving the plugin sandbo...

Security fix for the ALT Linux 10 package firefox-esr version 52.1.1-alt1

May 8, 2017 Andrey Cherepanov 52.1.1-alt1 - New ESR version 52.1.1 - Set plugin.loadflashonly setting to false to allow use all NPAPI plugins - Security fixes since 52.0: + CVE-2016-10196: Vulnerabilities in Libevent library + CVE-2017-5031: Use after free in ANGLE + CVE-2017-5428: integer overfl...

Fedora 23 : webkitgtk4-2.12.1-1.fc23 (2016-cb7a73c82e)

Highlights in 2.12.0: Enable FTL by default in JavaScriptCore for x8664. Network process is now used unconditionally. The shared secondary process model is now the same as using the multiple process model and setting a process limit of 1. Switch to use overlay scrollbars like all other GTK+ widge...

Vulnerability in Google Chrome Could Allow Local Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Google Chrome version 17.0.963.79 and earlier versions. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, Googl...